Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2020
Exécuté par gilles (administrateur) sur GILLES-PC-PORTA (SAMSUNG ELECTRONICS CO., LTD. R530/R730/P530) (19-10-2020 12:42:50)
Exécuté depuis C:\Users\gilles\Desktop
Profils chargés: gilles
Platform: Windows 7 Home Premium Service Pack 1 (X64) Langue: Français (France)
Navigateur par défaut: FF
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

() [Fichier non signé] C:\Windows\SysWOW64\Rezip.exe
(ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(CyberLink -> ) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) [Fichier non signé] C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer Networking Ltd. -> Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Samsung Electronics CO., LTD. -> SEC) [Fichier non signé] C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) [Fichier non signé] C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
(WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

==================== Registre (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1767816 2016-08-05] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1125036280-3562319748-3601731155-1001\...\MountPoints2: {3bea72d1-bee8-11e7-bfc8-e8113211957f} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1125036280-3562319748-3601731155-1001\...\MountPoints2: {3bea72dc-bee8-11e7-bfc8-e8113211957f} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1125036280-3562319748-3601731155-1001\...\MountPoints2: {8910044a-1eab-11e0-8129-806e6f6e6963} - E:\InstallNavi.exe
HKU\S-1-5-21-1125036280-3562319748-3601731155-1001\...\MountPoints2: {a1de5e0b-bfc4-11e8-b2a2-e8113211957f} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1125036280-3562319748-3601731155-1001\...\MountPoints2: {e20959cb-a3e2-11e8-b50f-e8113211957f} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKLM\...\Print\Monitors\EPSON Stylus DX5000 Series 64MonitorBE: C:\windows\system32\E_ILMBVE.DLL [126976 2006-08-10] (SEIKO EPSON CORPORATION) [Fichier non signé]
HKLM\...\Print\Monitors\EPSON XP-205 207 Series 64MonitorBE: C:\windows\system32\E_ILMILE.DLL [120320 2011-04-19] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\windows\system32\enppmon.dll [558592 2012-11-12] (SEIKO EPSON CORPORATION) [Fichier non signé]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\gilles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk [2020-05-01]
ShortcutTarget: Envoyer à OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Tâches planifiées (Avec liste blanche) ============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {0461C555-85C6-422C-869B-A8B58E84D94B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286088 2020-06-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {0CCE6EB3-01C8-4B30-83CA-82B43544AD59} - System32\Tasks\{9D96D448-D360-42ED-BC3B-85F9198EDFBF} => C:\windows\system32\pcalua.exe -a "C:\Users\gilles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBZQI3PI\tvpc[1].exe" -d C:\Users\gilles\Desktop
Task: {19CEC215-20C1-44CF-996A-C04025F27310} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {19CEC215-20C1-44CF-996A-C04025F27310} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {19CEC215-20C1-44CF-996A-C04025F27310} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {2249D971-1987-447C-924A-8DF5EE4AE831} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-10-14] (Adobe Inc. -> Adobe)
Task: {263DD426-3CA0-4A6C-A038-CF4C40AB30EB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {263DD426-3CA0-4A6C-A038-CF4C40AB30EB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {27EBBAA0-88EC-40D2-AFD2-E491D6403A59} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [716800 2009-10-13] (Samsung Electronics Co., Ltd.) [Fichier non signé]
Task: {38F9BA9D-ECFF-4A2A-A426-C0D77ECFDEF8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286088 2020-06-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F4F7D1C-8171-4431-B093-EE5E5908FA7B} - System32\Tasks\{4A85E2B8-D5CD-4BB7-8801-051D55FB2070} => C:\Users\gilles\Downloads\GarminExpress.exe
Task: {546A6232-FF65-4C10-9E69-71DD01ED1FFF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-18] (Avast Software s.r.o. -> Avast Software)
Task: {5DCDF749-BFA7-45C6-99F2-D0413F3EA686} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-14] (Adobe Inc. -> Adobe)
Task: {5E6E797F-3CE6-47C7-BE0E-39D8401FC361} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {5E6E797F-3CE6-47C7-BE0E-39D8401FC361} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {611F1B4D-CE1A-4154-84DD-E85406D74806} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {74CE5EAB-7562-4117-9FE6-585C143F8468} - System32\Tasks\{DAD548D9-B73B-4F86-875D-17E71C9B154C} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe"
Task: {789D89FE-39AF-4BF8-A69F-9DEBF2B87E38} - System32\Tasks\{2DEAFC09-4396-48D8-A85D-2478F4A2EF77} => C:\Windows\twain_32\escndv\escndv.exe [212504 2012-09-05] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORP.)
Task: {B2C5DD05-1CA0-4E79-B74C-BC8FB854D8B9} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2201192 2010-01-19] (Samsung Electronics CO., LTD. -> SEC) [Fichier non signé]
Task: {B4ACADA6-6E16-416B-8DDF-C8804208C047} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972176 2020-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {E88BCD1C-02D4-4D99-8DBE-375DCEE91AEB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {EB640E38-4639-4261-9045-7C5B7B65029A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [972176 2020-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {FECEEB70-F362-4E47-8CF4-6499170C78CD} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
Task: {FFC35C2A-91B7-404C-BA51-B09BF127C19E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {FFC35C2A-91B7-404C-BA51-B09BF127C19E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Hosts: Il y a plus d'un élément dans hosts. Voir la section Hosts de Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3FF85018-09C6-49E4-A9F4-50D2B4C220C6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4E2B02A8-BA4B-4AB0-8229-AEAA37AB63EC}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B4BA74A3-FE28-4BD8-8717-EA4828D08E70}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: h30c1ltf.default
FF ProfilePath: C:\Users\gilles\AppData\Roaming\Mozilla\firefox\Profiles\h30c1ltf.default [2020-10-19]
FF Notifications: Mozilla\firefox\Profiles\h30c1ltf.default -> hxxps://comment-reparer.com
FF HomepageOverride: Mozilla\firefox\Profiles\h30c1ltf.default -> Enabled: qwantcomforfirefox@jetpack
FF Extension: (Pas de nom) - C:\Users\gilles\AppData\Roaming\Mozilla\firefox\Profiles\h30c1ltf.default\Extensions\qwantcomforfirefox@jetpack.xpi [2020-10-12]
FF Extension: (Le Coin Raccourcis) - C:\Users\gilles\AppData\Roaming\Mozilla\firefox\Profiles\h30c1ltf.default\Extensions\{bca9c941-df28-4e08-98d9-35870277de34}.xpi [2020-09-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-10-14] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [Pas de fichier]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-10-14] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-05-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-05-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [Pas de fichier]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN) [Fichier non signé]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-14] (Adobe Inc. -> Adobe)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3052944 2020-07-14] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7185288 2020-10-13] (Malwarebytes Inc -> Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [Fichier non signé]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation -> Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation -> Microsoft Corporation)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [Fichier non signé]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] (CyberLink -> )
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd. -> Safer Networking Ltd.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]

===================== Pilotes (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R3 athr; C:\windows\System32\DRIVERS\athrx.sys [1577472 2010-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153312 2020-10-13] (Malwarebytes Corporation -> Malwarebytes)
S3 ew_usbccgpfilter; C:\windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2018-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2018-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [217592 2020-10-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [197280 2020-10-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [73880 2020-10-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248968 2020-10-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [119920 2020-10-19] (Malwarebytes Inc -> Malwarebytes)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-01-13] (Realtek Semiconductor Corp -> Windows (R) 2003 DDK 3790 provider)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [13824 2009-05-28] (Microsoft Windows Hardware Compatibility Publisher -> SAMSUNG ELECTRONICS)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-02-17] (Adlice -> )
S3 WDC_SAM; C:\windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-08-05] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] (Microsoft Windows Hardware Compatibility Publisher -> )
U3 aswbdisk; pas de ImagePath
U3 aswblog; pas de ImagePath

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

==================== Un mois (créés) ===================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2020-10-19 12:42 - 2020-10-19 12:44 - 000022695 _____ C:\Users\gilles\Desktop\FRST.txt
2020-10-19 12:42 - 2020-10-19 12:43 - 000000000 ____D C:\FRST
2020-10-19 12:39 - 2020-10-19 12:40 - 002299904 _____ (Farbar) C:\Users\gilles\Desktop\FRST64.exe
2020-10-19 06:24 - 2020-10-19 06:24 - 000073880 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2020-10-19 06:23 - 2020-10-19 06:23 - 000197280 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2020-10-19 06:23 - 2020-10-19 06:23 - 000119920 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2020-10-18 19:01 - 2020-10-18 19:01 - 000002743 _____ C:\Users\gilles\Desktop\cles principales.htm
2020-10-18 18:41 - 2020-10-18 19:16 - 000000000 ____D C:\Program Files (x86)\NirSoft
2020-10-18 08:09 - 2020-10-18 08:09 - 000000000 __SHD C:\found.000
2020-10-16 18:19 - 2020-10-16 19:42 - 000000000 ____D C:\Users\gilles\Downloads\recall
2020-10-16 18:18 - 2020-10-16 18:18 - 010276685 _____ C:\Users\gilles\Downloads\recall.zip
2020-10-16 11:46 - 2020-10-16 11:46 - 000000000 ____D C:\Users\gilles_2\AppData\Local\mbam
2020-10-14 11:22 - 2020-10-18 18:09 - 000520419 _____ C:\Users\gilles\Desktop\ZHPDiag.html
2020-10-14 11:22 - 2020-10-18 18:08 - 000420008 _____ C:\Users\gilles\Desktop\ZHPDiag.txt
2020-10-14 11:12 - 2020-10-14 11:12 - 003437952 _____ (Nicolas Coolman) C:\Users\gilles\Downloads\ZHPSuite(1).exe
2020-10-14 10:09 - 2020-10-14 10:09 - 000004710 _____ C:\Users\gilles\Desktop\Malware byte rapport.txt
2020-10-14 09:02 - 2020-10-19 06:32 - 000000000 ____D C:\Users\gilles\AppData\LocalLow\IGDump
2020-10-13 20:22 - 2020-10-13 20:22 - 000248968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2020-10-13 20:22 - 2020-10-13 20:22 - 000217592 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2020-10-13 20:22 - 2020-10-13 20:22 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-10-13 20:22 - 2020-10-13 20:22 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-10-13 20:22 - 2020-10-13 20:22 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-10-13 20:22 - 2020-10-13 20:22 - 000000000 ____D C:\Users\gilles\AppData\Local\mbam
2020-10-13 20:22 - 2020-10-13 20:21 - 000153312 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2020-10-13 20:21 - 2020-10-13 20:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-10-13 20:21 - 2020-10-13 20:21 - 000000000 ____D C:\Program Files\Malwarebytes
2020-10-13 20:16 - 2020-10-13 20:20 - 000001442 _____ C:\Users\gilles\Desktop\MBSetup - Raccourci.lnk
2020-10-13 20:14 - 2020-10-13 20:14 - 002041448 _____ (Malwarebytes) C:\Users\gilles\Downloads\MBSetup.exe
2020-10-13 19:59 - 2020-10-13 20:00 - 000001529 _____ C:\Users\gilles\Desktop\adwcleaner_8.0.8 - Raccourci.lnk
2020-10-13 19:57 - 2020-10-13 19:57 - 008447152 _____ (Malwarebytes) C:\Users\gilles\Downloads\adwcleaner_8.0.8.exe
2020-10-13 19:52 - 2020-10-13 19:52 - 000005808 _____ C:\Users\gilles\Desktop\ZHPCleaner (R).txt
2020-10-13 19:19 - 2020-10-13 19:27 - 000013992 _____ C:\Users\gilles\Desktop\ZHPCleaner (S).html
2020-10-13 19:05 - 2020-10-13 19:08 - 000001475 _____ C:\Users\gilles\Desktop\ZHPCleaner - Raccourci.lnk
2020-10-13 17:32 - 2020-10-13 20:05 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-10-12 14:15 - 2020-10-13 19:08 - 000000000 ____D C:\Users\gilles\AppData\Local\ZHP
2020-10-12 14:15 - 2020-10-12 14:15 - 003437952 _____ (Nicolas Coolman) C:\Users\gilles\Downloads\ZHPSuite.exe
2020-10-12 07:38 - 2020-10-12 07:40 - 006639714 _____ C:\Users\gilles\Downloads\CrystalDiskInfo8_8_9.zip
2020-10-10 21:44 - 2020-10-10 21:45 - 000000000 ___HD C:\$WINDOWS.~BT
2020-10-10 20:27 - 2020-10-10 20:27 - 000000000 ___HD C:\$Windows.~WS
2020-10-08 21:15 - 2020-10-08 21:15 - 001047143 _____ C:\Users\gilles\Desktop\FT_Fertilisation_organique_CA_04_09-2020.pdf
2020-10-05 08:03 - 2020-10-05 08:03 - 000007667 _____ C:\Users\gilles\AppData\Local\Resmon.ResmonCfg
2020-10-04 20:02 - 2020-10-10 21:44 - 000001890 _____ C:\windows\diagwrn.xml
2020-10-04 20:02 - 2020-10-10 21:44 - 000001890 _____ C:\windows\diagerr.xml
2020-10-04 19:33 - 2020-10-10 21:44 - 000000000 ____D C:\ESD
2020-10-04 19:25 - 2020-10-04 19:25 - 019445016 _____ (Microsoft Corporation) C:\Users\gilles\Downloads\MediaCreationTool2004.exe
2020-10-04 19:13 - 2020-10-04 19:14 - 019255000 _____ (Microsoft Corporation) C:\Users\gilles\Downloads\MediaCreationTool1909.exe
2020-10-01 20:41 - 2020-10-02 07:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== Un mois (modifiés) ==================

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2020-10-19 12:36 - 2018-09-06 12:34 - 000562176 ___SH C:\Users\gilles\Desktop\Thumbs.db
2020-10-19 12:34 - 2016-11-28 19:24 - 000000000 ____D C:\Users\gilles\AppData\LocalLow\Mozilla
2020-10-19 08:43 - 2018-07-28 20:53 - 000000000 ____D C:\Users\gilles_2\AppData\LocalLow\Mozilla
2020-10-19 08:20 - 2009-07-14 06:45 - 000022976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-10-19 08:20 - 2009-07-14 06:45 - 000022976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-10-18 21:08 - 2009-07-14 07:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-10-18 18:44 - 2017-12-16 22:58 - 000000000 ____D C:\Users\gilles\AppData\Local\CrashDumps
2020-10-18 18:08 - 2015-05-10 21:15 - 000000000 ____D C:\Users\gilles\AppData\Roaming\ZHP
2020-10-16 18:31 - 2011-03-15 21:42 - 000000000 ____D C:\Users\gilles\Documents\Youcam
2020-10-16 08:26 - 2011-03-15 20:02 - 000000000 ____D C:\Users\gilles
2020-10-16 08:23 - 2012-10-09 21:18 - 000000000 ____D C:\Users\gilles\photos
2020-10-16 08:04 - 2013-11-10 19:10 - 000000000 ____D C:\Users\gilles\Desktop\DOSSIERS FAMILLE
2020-10-16 07:42 - 2010-10-26 01:02 - 000747910 _____ C:\windows\system32\perfh00C.dat
2020-10-16 07:42 - 2010-10-26 01:02 - 000150402 _____ C:\windows\system32\perfc00C.dat
2020-10-16 07:42 - 2009-07-14 07:13 - 001669656 _____ C:\windows\system32\PerfStringBackup.INI
2020-10-16 07:42 - 2009-07-14 05:20 - 000000000 ____D C:\windows\inf
2020-10-14 10:08 - 2012-02-01 20:15 - 000000000 ____D C:\Users\gilles\AppData\Roaming\Icones
2020-10-14 09:23 - 2018-03-13 22:23 - 000004650 _____ C:\windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-10-14 09:23 - 2012-05-10 21:08 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
2020-10-14 09:23 - 2012-05-10 21:08 - 000004484 _____ C:\windows\system32\Tasks\Adobe Flash Player Updater
2020-10-14 09:23 - 2011-07-08 20:00 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-10-14 09:23 - 2011-03-26 19:08 - 000000000 ____D C:\windows\system32\Macromed
2020-10-14 09:23 - 2010-10-25 08:28 - 000000000 ____D C:\windows\SysWOW64\Macromed
2020-10-13 20:06 - 2015-11-30 21:50 - 000000290 __RSH C:\ProgramData\ntuser.pol
2020-10-13 20:05 - 2018-11-24 19:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-10-13 20:04 - 2010-10-25 08:37 - 000000000 ____D C:\ProgramData\SAMSUNG
2020-10-13 20:04 - 2010-10-25 08:29 - 000000000 ____D C:\Program Files (x86)\Samsung
2020-10-13 20:04 - 2010-10-25 08:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2020-10-10 21:45 - 2009-08-02 04:27 - 000000000 ____D C:\windows\Panther
2020-10-05 18:57 - 2012-12-21 21:11 - 000000000 ____D C:\Users\gilles\AppData\Roaming\ObviousIdea
2020-10-04 19:00 - 2020-08-17 13:24 - 000015360 ___SH C:\Users\gilles\Downloads\Thumbs.db
2020-09-25 09:15 - 2013-09-08 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2020-09-25 09:15 - 2011-03-19 21:25 - 000000000 ____D C:\ProgramData\EPSON
2020-09-25 08:55 - 2020-05-10 22:20 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-09-25 08:55 - 2014-12-27 08:37 - 000004476 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2020-09-23 08:29 - 2019-02-03 14:21 - 000000000 ____D C:\ProgramData\Mozilla

==================== Fichiers à la racine de certains dossiers ========

2016-03-04 04:17 - 2016-03-04 04:17 - 002650644 _____ () C:\Users\gilles\AppData\Roaming\sb102.dat
2015-05-10 20:10 - 2016-07-28 19:36 - 000000214 _____ () C:\Users\gilles\AppData\Roaming\WB.CFG
2020-10-05 08:03 - 2020-10-05 08:03 - 000007667 _____ () C:\Users\gilles\AppData\Local\Resmon.ResmonCfg
2011-12-25 22:02 - 2011-12-25 22:02 - 000000000 _____ () C:\Users\gilles\AppData\Local\{D0351DFF-8E40-4514-844B-B1F88F6DDE00}

==================== SigCheck ============================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

LastRegBack: 2016-11-11 23:19

==================== Fin de FRST.txt ========================